Posted to commits@sling.apache.org by bd...@apache.org on 2016/04/05 11:53:25 UTC

svn commit: r1737813 - /sling/site/trunk/content/documentation/the-sling-engine/the-sling-launchpad.mdtext

Author: bdelacretaz
Date: Tue Apr  5 09:53:25 2016
New Revision: 1737813

URL: http://svn.apache.org/viewvc?rev=1737813&view=rev
Log:
Add control port nonce information

Modified:
    sling/site/trunk/content/documentation/the-sling-engine/the-sling-launchpad.mdtext

Modified: sling/site/trunk/content/documentation/the-sling-engine/the-sling-launchpad.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/the-sling-engine/the-sling-launchpad.mdtext?rev=1737813&r1=1737812&r2=1737813&view=diff
==============================================================================
--- sling/site/trunk/content/documentation/the-sling-engine/the-sling-launchpad.mdtext (original)
+++ sling/site/trunk/content/documentation/the-sling-engine/the-sling-launchpad.mdtext Tue Apr  5 09:53:25 2016
@@ -52,17 +52,40 @@ The Sling Standalone application looks f
 
 ### Control Port
 
-When starting the Sling Standalone Application with the `start` command line option, a TCP port is opened. The interface and port is configurable with the `-j` command line option. The address of the interface and the actual port used are written to the `$\{sling.home}/conf/controlport` file. So technically the `-j` option is not required for the `status` and `stop` operations because the port information is just read from this file.
+When starting the Sling Standalone Application with the `start` command line option, a TCP port is opened. The interface and port is configurable with the `-j` command line option. The actual address and port used are written to the `$\{sling.home}/conf/controlport` file. So technically the `-j` option is not required for the `status` and `stop` operations because the port information can be read from that file.
 
 Note that using a control connection for the Sling Standalone Application presents a potential security issue. For this reason the following defaults apply:
 
-* The server side socket for a running Sling Standalone Application is only created if the application is started with the `start` command line option. If this option is omitted -- the default -- the server side socket is not created and the Sling Standalone Application instance cannot be remotely controlled.
-* The default host name for the socket is localhost/127.0.0.1 meaning that the socket is only accessible from the same system as the Sling Standalone Application is running on.
-* In addition to the IP address and port on which the control port is listening a nonce is written to the `controlport` file. Any interaction with the server on the control port must include this none.
-
-Suggestions:
-* Do not allow the control port to be opened on an externally visible interface. Using the localhost/127.0.0.1 is just sufficient.
-* Make sure only legitimate users have access to the installation folder of Sling (`${sling.home}`).
+* The server side socket for a running Sling Standalone Application is not created by default, but only if the application is started with the `start` command line option.
+* The default control port configuration is `localhost/127.0.0.1` meaning that the socket is only accessible from the same system as the Sling Standalone Application is running on.
+* A nonce, followed by a space character, must be used as a prefix for every command sent to the control port. This nonce is generated by Sling at startup and also written to the `controlport` file mentioned above.
+
+For additional security, do not allow the control port to be opened on an externally visible network interface and strictly restrict access to the Sling installation folder (`${sling.home}`).
+
+Here's an example session where a Sling Standalone Application is started with the control port active:
+
+    $ java -jar target/org.apache.sling.launchpad-9-SNAPSHOT.jar start
+    05.04.2016 11:50:45.003 *INFO * [main] Setting sling.home=sling (default)
+    05.04.2016 11:50:45.006 *INFO * [main] Starting Apache Sling in /foo/sling/launchpad/builder/sling
+	...
+    05.04.2016 11:50:45.012 *INFO * [Apache Sling Control Listener@/127.0.0.1:59239] Apache Sling Control Listener started
+	...
+	
+And stopped using its control port, from another terminal:
+
+	$ cat sling/conf/controlport 
+	127.0.0.1:59239
+	mdsryh1k5fpcgvm7suqnckxkr7fvluzv
+	
+	$ telnet 127.0.0.1 59239
+	Trying 127.0.0.1...
+	Connected to localhost.
+	Escape character is '^]'.
+	
+	mdsryh1k5fpcgvm7suqnckxkr7fvluzv stop
+	
+	OK
+	Connection closed by foreign host.
 
 
 ### Shutdown Hook
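
Review bot: In the added paragraph beginning "For additional security", restricting access to `${sling.home}` is worded as optional hardening, yet the nonce bullet just above it says the nonce is written to the `controlport` file, and the example shows `cat sling/conf/controlport` printing it. Any local user who can read that file can therefore send `stop`. Suggest wording this as a requirement and naming the file, for example that `conf/controlport` must be readable only by the account running Sling. Two smaller points: the first paragraph still writes `$\{sling.home}` with a backslash while this paragraph writes `${sling.home}`, and the example blocks mix tab and four-space indentation (the `...` lines and the whole second block use tabs), which should be made uniform.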